Hello, this is my last-ditch effort to fix this myself before I call in an (expensive!) expert. Any help would be appreciated. My computer has been running quite slow, and many times when I boot up I get a box that says "some files not recognized in Winn32". Then yesterday Norton Antivirus alerted me to an infection. It would not quarantine or delete the MaConnect.dll virus. I disabled System Restore, updated the virus definitions, restarted the computer in Safe mode, ran a full system scan, and it still would not quarantine or delete. Now my computer is really running slow and locking up on simple programs like Word. Please respond in plain English, the computer talk above was copied from directions and I am a user, not a programmer! I did download Hijackthis, did a scan and created a log if that helps. I appreciate your help!
Thank you

Just do a search for MaConnect.dll and delete it manually.
Failing that, just back up all your important files to CD-R and re-install Windows. Simple as.

Thank you both for quick responses. I did a file search in C Drive, it did not come up with the virus. I am hoping there is an easier way than backing up all my files and reinstalling Windows! Please let me know if I did not search in the right place?
Thank you

Okay, Joanne,
Post the HijackThis log, and we'll have a look. Meanwhile, I can't find info on that MaConnect.dll, so is that spelled correctly? Any other messages/names from Norton?
Try some others for better luck too:
Anti-Virus
▫ [on-line] ActiveScan Anti-Virus (Panda)
▫ [on-line] HouseCall Anti-Virus (Trend Micro)
▫ [on-line] RAV Anti-Virus (AV Security)
▫ [on-line] BitDefender Anti-Virus
▫ AVG Anti-Virus (Grisoft)
Try some Anti-spyware too:
▫ Spybot Search & Destroy (Safer Networking)
▫ Ad-aware (Lavasoft)
▫ CWShredder (Merijn.org)
▫ TDS-3 (DiamondCS)
▫ Pest Patrol
Keep in mind that some of them may need to be updated over the web first when started, and before zapping the baddies!
It's log time! Bring it on! :)
___________________________________________
☺ [Belgium, GMT+1]_________________________svg

Thanks for looking at this. Here is what my Norton Antivirus says:
Source: MaConnect.dll
Description: The compressed file MaConnect.dll within C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0XMB0TYN\MaConnect[1].cab is infected with the Download.Trojan virus.
Click for more information about this virus : Download.Trojan
And here is the Hijackthis log:
Logfile of HijackThis v1.97.7
Scan saved at 10:34:10 AM, on 2/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\Program Files\Norton Internet Security\NISUM.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\AUTORUN.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.swpurchasing.com
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
Hope this all means something to you, cause it doesn't to me!
Thank you

Here are the instructions from the Norton site:
[removal] Download.Trojan (Norton Symantec)
Disabling System Restore is the trick to cleaning this. But first, do this:
Control Panel > Internet Options
[Temporary Internet Files]
Press 'Delete Files' and also include 'all off-line content' when it asks that.
It's just a small one - nothing serious, your Norton should take care of it. Although it won't hurt to cross-check with one of those that I linked to. And get SpyBot & Adaware. I'll check that HJT log now.
___________________________________________
☺ [Belgium, GMT+1]_________________________svg

Okay, this one's considered adware:
O4 - Startup: PowerReg Scheduler V3.exe
So try Spybot or Adaware on it. It's not really harmful, just a pest like the info given here indicates:
PowerReg Scheduler (Pest Patrol)
Then there's this one. Maybe this is what your Norton picked up, but I found it mentioned as trojan.download.chekin:
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
And it may have a side-kick that's called Owmngr.exe
Here's Norton's removal procedure, I guess your Norton will deal with this one [as well]
[removal] trojan.download.chekin (Norton)
___________________________________________
☺ [Belgium, GMT+1]_________________________svg
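
The manual review in the reply above (reading the O4 autostart lines and picking out known names) can be scripted. This is an added example, not part of the original thread and not HijackThis's own code: the sample lines are copied from the log posted here, the watchlist names come from the replies, and the function names and the simple substring matching are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
"""

# Names taken from the replies in this thread; matching is case-insensitive.
WATCHLIST = ("PowerReg Scheduler", "SIFXINST", "Owmngr.exe")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 body: "<location>: [<name>] <command>" for Run keys,
# "<location>: <shortcut>[ = <target>]" for startup folders.
O4_RUN = re.compile(r"^(?P<loc>.+?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_FOLDER = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?)(?: = (?P<cmd>.*))?$")

def parse_sections(text):
    """Group log entries by their section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autostart_entries(sections):
    """Return O4 entries as dicts with location, name and command."""
    out = []
    for body in sections.get("O4", []):
        m = O4_RUN.match(body) or O4_FOLDER.match(body)
        if m:
            out.append({"loc": m["loc"], "name": m["name"], "cmd": m["cmd"] or ""})
    return out

def flag(entries, watchlist=WATCHLIST):
    """Entries whose name or command contains a watchlisted string."""
    return [e for e in entries
            if any(w.lower() in (e["name"] + " " + e["cmd"]).lower() for w in watchlist)]

if __name__ == "__main__":
    print(flag(autostart_entries(parse_sections(SAMPLE_LOG))))
```

A hit only marks a line for a closer look with the scanners named in the thread; an entry that matches nothing on the watchlist is not thereby shown to be clean.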
